From: root <root(a)rawhide-1.lan&gt; More and more tools and libraries are using openat(2) whenever possible so we need to make sure we check for both syscalls. This fixes the test suite on current versions of Fedora Rawhide. Signed-off-by: Paul Moore <paul(a)paul-moore.com&gt; --- tests/file_create/test | 4 +++- tests/filter_sessionid/test | 2 +- tests/syscalls_file/test | 8 ++++---- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/tests/file_create/test b/tests/file_create/test index 08dc3ce..26a226d 100755 --- a/tests/file_create/test +++ b/tests/file_create/test @@ -78,7 +78,9 @@ while ( $line = <$fh_out> ) { # test if we generate a SYSCALL record if ( $line =~ /^type=SYSCALL / ) { - if ( $line =~ / syscall=open / and $line =~ / success=yes / ) { + if ( ( $line =~ / syscall=open / or $line =~ / syscall=openat / ) + and $line =~ / success=yes / ) + { $found_syscall = 1; } } diff --git a/tests/filter_sessionid/test b/tests/filter_sessionid/test index de1eb72..6873bed 100755 --- a/tests/filter_sessionid/test +++ b/tests/filter_sessionid/test @@ -65,7 +65,7 @@ chomp($pid); # test for the SYSCALL message $result = system( -"ausearch -i -m SYSCALL -sc open -p $pid --session $sessionid -k $key > $stdout 2> $stderr" +"ausearch -i -m SYSCALL -sc open -sc openat -p $pid --session $sessionid -k $key > $stdout 2> $stderr" ); ok( $result, 0 ); diff --git a/tests/syscalls_file/test b/tests/syscalls_file/test index 53d28ba..316f823 100755 --- a/tests/syscalls_file/test +++ b/tests/syscalls_file/test @@ -62,10 +62,10 @@ my $found_create = 0; while ( $line = <$fh_out> ) { # test if we generate a SYSCALL record - if ( $line =~ /^type=SYSCALL / ) { - if ( $line =~ / syscall=open / ) { - $found_syscall = 1; - } + if ( $line =~ /^type=SYSCALL / + and ( $line =~ / syscall=open / or $line =~ / syscall=openat / ) ) + { + $found_syscall = 1; } } ok($found_syscall);